go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

Search results for "opm breach"

Go to Homepage, contents or to navigation menu



Congressional Report Slams OPM on Data Breach

I’ve been going back and I remember reading this article entitled Congressional Report Slams OPM on Data Breach from Brian. I don’t think I posted this, but OPM should be ashamed of its actions that lead to the biggest breach I’ve ever witnessed besides the Target one of course. I do not think that it is going to get better, and this is going to just absolutely not be good. If the company knew about someone for example, getting in to their network, and it took awhile to get them out, and they leave someone else alone, then you’re going to get owned. I just don’t know what the solution is, but the article will talk more about this. Enjoy!

Comments (0)

Cerebral is next on the breach department

We talked about Good RX, better help and now its time for the article Telehealth startup Cerebral shared millions of patients’ data with advertisers.

I’ve never heard of this company, just like I had never heard of Better Help.

We talked about companies like OPM which congress slammed for their troubles in the past too. As health breaches continue to climb, its a matter of time before your own doctor will be targeted, even if they use an app that has not been targeted yet.

This is concerning as these apps can be useful to communicate with your doctor. I used mine recently to deal with some eye trouble, although if they said for me to go on in, I would have, but I made an enquiry and they did give me the medicine as I explained what was wrong.

We should keep up with these things, and if I see it, I’ll pass it along.

According to the article, this isn’t Cerebral’s first problem and if you’re using them, I’d start calling your doctor and telling them about this problem. Its huge.

Comments (0)

In 2017, Ian Thornton-Trump said a breach was inevitable, company did nothing

To get this article to read, I had to select reader view in firefox, the Daily Mail web site is aweful!

Be that as it may, this article is definitely worth the trouble, as Ian Thornton-Trump, a former employee at Solar Winds, indicated in 2017 that a breach was inevitible.

Ian Thornton-Trump, a former cybersecurity adviser at SolarWinds, said he urged management in 2017 to take a more aggressive approach with its internal
security, warning that a cybersecurity episode would be ‘catastrophic’, according to a New York Times report published Saturday.

The article then goes on to say that since the move to Eastern Europe where some of the development to the software took place, and Russian operatives have ties there, could have lead to this breach. The cost savings by moving the devlopment aspect to Europe may have cost them, as the article states.

The article does state that there is no cybersecurity person at the company, and not having someone who can help fend off attacks like the one we have witnessed could possibly cost this company.

Want to read more? Select reader view in your browser for best results, SolarWinds was warned about potential cyber attack, cost-saving move to Europe may have exposed firm is the article title, let the comments begin!

Comments (0)

Travel Booking company pays out money for 2016 breach

I took the Christmas break off from posting, hope everyone has enjoyed their holiday as much as I enjoyed the break. We’re going to start with some interesting news coming out of Cyberscoop I recently read in regards to a booking company having to pay out some money for a 2016 breach.

The company in question is called Sabre Corp who I’ve never heard of.

Sabre Corp. will make a $2.4 million payout and shore up its cybersecurity policies under an agreement with 27 state attorneys general who investigated
a breach of its hotel-booking technology.

The settlement, announced Wednesday, involves a 2016 intrusion into the SynXis Central Reservation, run by the Texas-based corporation’s Sabre Hospitality
Solutions subsidiary. The breach exposed the details of about 1.3 million credit cards.

Letitia James is the New York attorney mentioned in this story.

The article indicates that there were multiple failures which I thought we should talk about. First, they had a susceptible security system, then they didn’t notify their customers in a timely manner. That’s two big failures which one should’ve never happened.

I completely get that there are going to be mistakes, notifying your customers of that mistake should not be one of your mistakes. This is beyond repair, the money should go to the customers and not to the states though. The customers are at a loss here by the first mistake which could be anything from a software breach which is understandable, seeing how company assets are upgraded differently than consumers as we’ve learned.

“Today’s agreement not only imposes a hefty fine on Sabre but will ensure that the company has the appropriate security and incident response plan in place
so that its failure does not take place again.”

The failures may happen again, See the blog for articles like this one on InterContinental Confirms Breach at 12 Hotels amog many others.

Its been confirmed, Mariot suffered another breach was many breaches at the Mariot chain, but they were up front with what was going on, and you can read those articles to form your own opinion.

The settlement requires Sabre to “implement and maintain a comprehensive information security program, and a written incident response and data breach
notification plan,” according to the attorneys general. “Sabre must also obtain an independent third-party security assessment and implement any recommendations
to improve network security.”

Should cybersecurity be everyone’s business by now? Why does it take a settlement with states or individuals to make companies wake up to the security problems of today.

According to the article, the hotel chains effected by the breach included Trump Hotels, The Four Seasons and Loews Hotels.

Trump Hotels have been talked about in other articles on the blog, search it out. I know the blog starts April 2011, but that can’t be helped now, but you can even search the Internet for articles about that hotel chain.

Sabre’s revenues were reported to be nearly 4 billion dollars so they should be able to shore up their defenses. Since I onbly read the article on the 27th, the quote

The company had not issued a comment about the settlement as of Thursday morning.

should not be much of a surprise to anyone in this industry.

Would you like to read more about this facinating piece of good news? Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data is the Cyberscoop article we’ve taken from.

Lets show companies that this is not exceptable behavior and we want our information regarded as secure as possible. The public understands that there are going to be mistakes, some may not be your fault. Your immediate reaction such as notifying us of the breach or intrusion, finding out what happened, figuring out how to prevent the problem from occuring again, and we can’t forget training your customer service reps to respond to questions from customers who may call you about the breach.

When I got notified by mail from OPM about their breach, the customer service rep knew what was going on, was able to identify what was going on, and answered my questions. While I didn’t ever do business with them, they told me the information I needed to know, based on me identifying myself as who I said I was, Jared Rimer. I won’t disclose the rest of what was disclosed, but suffice it to say, I wasn’t necessarily impressed I was involved with a company I had no direct contact with, but understood what they did. That is the most important thing we can take out of these breaches, the up front nature of what is disseminated to us. Let us hope that 2021 will teach companies that this is the most important thing they can learn from this breach pandemic year that is 2020. Make it a great day.

Comments (0)

Say what? More than a million people have their biometric data exposed in massive security breach

Before I get to the heart of my post, I must add that this post is three days old, but still fresh off the presses. This is definitely something to think about.


I just saw this article entitled: More than a million people have their biometric data exposed in massive security breach and it brings up some very interesting questions. Sadly, I’m not versed on this, and I would rather pass along the article than to comment on something I’m not versed with. I do know that the OPM breach was mentioned, and sadly, if this breach is similar to that one, there is nothing we can do. Hey Steve at GRC? Are you reading? I don’t think this will be the last time we hear of this.

Comments (0)

The Security box, podcast 204: Sharp Rhino

Hello everyone,

We have neglected this blog and the TSB directory this past week.

Lots of different things were going on when it comes to the release to this blog including internet issues.

I’m here now, and its better late than never.

If the RSS feed does not havve this podcast, please let me know by sending me an email.

You can also just download the 1143.6mb file and enjoy the program!

Below, please find the show notes associated with this program, and we’ll be back with more blogs very soon!


Welcome to the security box, podcast 204. What big story is coming out about a company who has apparently gained access to tons of data illegally? The names, potential relative information, possible address information and social security numbers may be affected.

Our topic today talks about how IT workers are getting hit with a new ransomware strain called Rino.

All of this as well as the news, notes, questions and comments from any participents that may come in.


The next possible biggest breach

There’s a lot of conflicting information, especially when it comes to which particular group supposedly hacked the company to begin with.

This particular incident reminds me of the OPM breach of 2018.

search the blog for opm breach

Here are our blog posts which talk about the subject as of writing these notes. There’s still a lot for us to learn.

  • We’ve got more on this NPD databreach was written on august 11, 2024 and it links to a Bleeping Computer article. There are a lot of questions here including the exact number of people and the fact that there are conflicts within the data that was seen by the publication.
  • 2.9 billion users, National public data gained data illegally is the blog post that links to the hackread article that Kim Komando linked to within her newsletter. This one talks about a lawsuit and that lawsuit deals with the fact that this company got the info illegally and orders the court to delete the illegal data. We highlighted this article on the Throwback Saturday Night program for August 10th. The RSS for that show is on this link.

What is Sharp Rhino?

Ransomware gangs target IT workers with sharp rino malware is the blog post which leads to today’s discussion from Bleeping Computer titled Ransomware gang targets IT workers with new SharpRhino malware which should be a very interesting discussion.


Supporting the podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.


Internet Radio affiliates airing our program

Our Internet Radio stations that carry us include International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Comments (0)

Update, amendment to boost cybersecurity passes … hoping it’ll start some good news

In an earlier blog post it was talked about where the defense bill was being used to bolster up cybersecurity.

I had recently done some reading, and it looks like it passed. The article is titled Langevin amendment to boost cyber defenses for critical infrastructure wins House approval which is some great news!

An amendment that includes cyber protections to defend “systemically important” critical infrastructure — such as large energy utilities, telecom providers and major financial institutions — won adoption in the U.S. House of Representatives Thursday.

I really have a problem with this paragraph though. It says:

Designation will require organizations to disclose risk management strategies for critical assets and supply chain; share and receive threat intelligence with the government; and allow federal agencies to examine operations and assess performance-based security goals.

If you remember this blog post, it talked about how congress.gov was briefly DDOS’ed although they had steps in place to get things back up quickly. And while that was not devistating, we only remind you of the OPM breach and that we later found that a congressional report slammed OPM on their breach. (Blog Post) If that’s not bad enough, isn’t the police some part of government in some capacity? We get their services for free, but they’re getting paid somehow. I’m not clear on how this aspect works, so … someone can correct me if I’m wrong.

We also go back to the supply chain attack of Solar winds and this blog post where someone named Ian Thorton Trump told Solar Winds about a potential breach and they absolutely did nothing about it.

There is plenty more, searching OPM may give you a better target of posts about that particular breach as we have been known to cover tons of breaches so other posts will come up.

There are plenty of linked items within the initial linked article we’re mainly talking about here, but I think this is a step in the right direction. Only time will tell what will happen with this, and I hope that we’ll learn more.

Thanks Cyberscoop for allowing us to read up on this, it is definitely an important topic we need to keep our minds on.

Thanks all for reading, and make it a great day!

Comments (0)

This can’t be good: Equifax or Equiphish?

I just read this article entitled Equifax or Equiphish? and I’m personally not convinced that a freeze is the answer to all of these issues with Equafax and its continuing issues on letting us know about their breach. The more I read about what they’re doing, the more I don’t want any of what they’re offering.

  • Charging consumers to put a freeze on their file because they didn’t update their software
  • Having everyone sign up for credit monitoring which is fine, but then saying you’re not effected
  • When the breach first occurred, telling people to come back at a certain date but the site doesn’t work
  • Having Experian which I understand they control being part of the data breach problem as they had their own issues

When I first got the letter from the OPM breach, and entered my information that I was given, I talked to an agent. The agent was very nice, and explained who they were, as I had no idea. I know that fingerprints are needed as part of getting a job in some cases, but we do not have any idea on who is offering the service for the company. I’m really wondering if we’re losing control of our information. There will be no way for us to have control of it come the next 5 to 10 years.

Have thoughts? Please feel free to sound off in the comments, and let us know how you have credit checked if you apply for a credit card or loan. This can’t be good.

Comments (2)

Trump, DNC, RNC Flunk Email Security Test

OK, On the 25th of July, I read this article entitled Trump, DNC, RNC Flunk Email Security Test and this doesn’t surprise me one bit. We’re talking about parts of government here, and the government has proved that they are not secure when it comes to personal information. Just look at the Catching Up on the OPM Breach (Krebs June 15, 2015) and you’ll see that when he caught up, there was more to this than we knew. Your comments will await the boards.

Comments (0)

Podcasts released

OK,
I’ve neglected to post show notes or details of the last several podcasts.

podcast 229

Lots of various things including an update on My Telespace VS Philmore stuff. Sipmeeting VS Philmore … is what you need to read. We talk about some security and tech stuff, and also we talk about scams.

What to read

The podcast is 2 hours and 18 minutes. Enjoy!

Podcast 230

Welcome to podcast 230. On this podcast, we finish up Go Metro version 3.x and its demonstrations. Then, our largest segment lasting an hour and 43 minutes, is dealing with identity protection and thoughts on what we should do to try to get companies to understand why they need to do something to keep our personal information as safe as possible. We’ve got plenty of links to stories and Wikipedia that will be of interest to read. Take your time, don’t rush, but make sure that you comprehend what we’re talking about so you can participate in the discussion. Here are those links. As a side note, I don’t expect you to understand everything, its a lot to digest.

Podcast 230

Podcast lasts about 2 and a half hours. Thanks again for listening!
Office of Personnel Management data breach (wikipedia)

podcast 231

On this podcast, Honeywell, IOS with SIRI, and Lastpass.

Podcast 232

We just released podcast 232 today, and here are those show notes.

On this cast, my thoughts on breaches, hospital security, UEB, and a discussion on the most recent breach which we tried to do from 230 which failed miserably. Two videos play, and we’ll see what you think. Hope you enjoy. Links will be in these show notes.

Links from 232

Other links that might be of interest from 230 which may be of use:
Podcast 230

We’re sorry for not posting these show notes sooner, its just been busy. We are continuing the fight for understanding these breaches, and I’ll continue to mention the big ones around. See you all later.

Comments (0)

Here’s our whole TSB directory of podcasts for those who want it

Since we’re not having a show this week, I thought it would be a good idea to give people the opportunity to get whatever they missed.

Remember that each podcast is posted up here as well as being posted on EMHS’s TSB page but since we’re going to be absent, I thought I’d give you a highlight of what we’ve been covering in case we’re getting new people.

The below comes from the TSB page, and I’m posting it for convenience.

Feel free to download anything you missed through the years and thanks so much for listening to our program! I can’t wait to get back to the airwaves next week.

Our next scheduled program is on the 20th.


The podcast list

The Security box podcast directory
Podcast number Date of broadcast Annotated Show notes
podcast 182 (198.1mb) March 6, 2024 Hello folks, welcome to the security box, podcast 182. On this podcast, besides the news and notes of the week, we’re going to learn about a new potential threat by a new potential actor called Savvy Seahorse. If you’ve read the blog, you’ll already know, but if you only listen to the podcast, this is going to change the way malware is delivered. Of course we’ll see what our participants want to talk about as well.
podcast 181 (169.6mb) February 28, 2024 Hello everyone, welcome to the Security Box, podcast 181. In Q4 of 2023, Phishlabs is reporting that a record of phishing sites impersonate social media to target victims. Question for the listener, what do you think you should look for when you get communication that talks about social media before you click, tap, double tap or press enter on a keyboard? We’ll have the news and landscape as well as your comments and concerns. We hope you enjoy the show!
podcast 180 (170.3mb) February 21, 2024 Hello everyone, welcome to the security box, podcast 180. On this podcast, Phishlabs will guide us through something I don’t think we have ever seen. It talks about a service that is a web host service, but it is a completely different type of web host. They didn’t classify it as bulletproof hosting, but something called phishing as a service. Two different companies are mentioned. Besides that, we’ve got news, notes, the landscape and your thoughts. Thanks so much for listening!
podcast 179 (209.2mb) February 14, 2024 Hello folks, welcome to the security box. This is program 179. This time, we’ll venture off the path a bit and talk a little bit about romance scams. Instead of using the article as a guide, we’ll talk about it in more general terms. Did you know that Valentines Day is one of the biggest times for this type of scam? Besides that, we’ll have news, notes and the landscape as we always do. Thanks for listening and make it a great day!
podcast 178 (218.3mb) February 7, 2024 Hello everyone! Welcome to the security box, podcast 178. On this podcast, we’re going to talk about the landscape, the news, and the crazy. We are also going to talk about the threats of Social Engineering as well. We give you the best blog posts of the week as well. We hope you enjoy the program, and make it a great day! The best blog posts will be on the blog copy of these notes.
podcast177 (215mb) January 31, 2024 Welcome to podcast 177 of the Security Box. On this podcast, we seem to be on a password discussion, as lots of articles have come out in regards to the subject. Our topic even will include talking about passwords. We’ll also have things to ponder, possibly some morons, and a great time as always! The show notes are extensive, including links to some of what we talk about. Consensus indicates they’re a good thing.
podcast 176 (178.3mb) January 24, 2024 Hello folks, welcome to the security box, podcast 176. This podcast is mainly going to be an open forum, but we will have some topics coming. We might have some morons, some things to ponder, and whatever is on the minds of those that come on live.
podcast 175 (166.7mb) January 17, 2024 Hello folks, welcome to the security box, podcast 175. I’ve been out sick, and now we’re back to bring you what we wanted to bring you this past week. We’ve got news, notes, the landscape, two morons, things to ponder and a topic dealing with dark web threats targeting the airline industry. Thanks so much for listening and make it a great day!
podcast 174 (127.7mb) January 3, 2024 Welcome to podcast 174. On this podcast, we’re just traversing the landscape and some of our longer posts and things that caught our attention. In most ways, this isn’t complete, but just some. Terry, Nick and I take you along for the ride. Enjoy!
podcast 173 (165.8mb) December 13, 2023 Hello folks, welcome to podcast 173. This is going to be the last podcast of the year as it comes to live programming. Don’t worry, we’ll continue to blog things of importance, and I’ll look through our podcast notations for some good things and put out a final podcast of the year. Our next live program will be on January 3, 2024. On this edition of the program, we’ll have our news and notes segments, the moron, two things to ponder which are extended versions and of course our topic dealing with the HHS and their fine on an agency who got breached.
podcast 172 (156.5mb) December 6, 2023 Hello folks, welcome to the Security Box, podcast 172. On this podcast, we’ve got two different morons, a look at the landscape, a few things to ponder and our topic dealing with the Q3 report on the landscape which includes QBot and other variants out there causing havoc.
podcast 171 (197.4mb) November 29, 2023 Welcome to the Security box, podcast 171. We hope that each and every one of you have had a happy Thanksgiving and have recharged your batteries. On this edition, we’re making it official and am bringing back the things to ponder. We’ll explain what we’re going to do and we put it in practice last podcast. If these things to ponder have blog posts, we’ll link them from right within the program’s show notes so you can read what we’re talking about. We’ll also have news, notes, any moron of the podcast and our topic talking about URL shorteners and a recent trend with them. We hope you enjoy the show as much as we have bringing the show for you!
podcast 170 (78.3mb) not aired Hello folks, welcome to the podcast. We’re talking about password managers in a big way today. Links to the major managers are given. Its not a complete list, and there may be others I’m not aware of that may be trusted or we don’t know much about. We bring back things to ponder in a different way and you’ll get a taste of this in this podcast. I hope you enjoy the program as much as we have bringing it together for you. Happy holidays from all of us at the JRN!
podcast 169 (193.3mb (193.3mb) November 15, 2023 Hello folks, welcome to TSB podcast 169. On this program, we’re going to talk about Generation Z and an article I found that delbt with their privacy concerns. We may also have a moron, news, notes and more.
podcast 168 (175.5mb) November 8, 2023 Hello folks, welcome to the security box, podcast 168. On this program, we’ll see if we’ve got any morons, a service that is a phishing service, news, notes and more.
podcast 167 (204.2mb) November 1, 2023 A bunch of things to close out NCSAM. Caller ID spoofing, companies not following COPPA, and more.
podcast 166 (146.3mb) October 25, 2023 Welcome to the Security box, podcast 166. On this program, news, notes, the landscape and our thoughts on updating software. Check the blog for all of the latest news we’ve blogged and remember to subscribe to TSB’s email list to get direct articles and comment on things.
podcast 165 (147.3mb October 18, 2023 Welcome to the security box, podcast 165. We’ve definitely got at least one stupid moron award, that could be taken in two different ways. Next moron, Twitter, in an interesting move on charging non-paying users for access to twitter $1 a year according to their own twitter notification I saw. The topic this week is going to be on Credit cards, debit cards, online VS offline shopping and what we can do.
podcast 164 (126.1mb) October 11, 2023 Welcome to the Security Box, podcast 164. Today, we catch up on some erata we did not get to last time in regards to passwords. We’ve also got the topic of domains and talk a little bit about the different type of domains and their purpose. We also talk about the guide we published on the blog which will also be linked herein. We have stupid moron awards with links to blogs and much more. This is the program that aired live on October 11, 2023. Thanks for listening!
podcast 163 (162.5mb) October 4, 2023 Hello folks, welcome to the Security Box, podcast 163. On this episode, we go through the news, talk about a very interesting interview and then tackle our first topic of NCSA

podcast 162 (148.3mb) September 27, 2023 Welcome to the security box, podcast 162. On this edition of the podcast, we’ll run through the blog and list, anything else on audience insights and more. This is week 2 of the open forum. Hope you enjoy the program!
podcast 161 (148.1mb) September 20, 2023 Welcome to the security box, podcast 161. On this podcast, we’re covering a few notations of the recently released IOS 17, tons of articles from the blog, and having ourselves an open forum. We hope that you enjoy the program as much as we did putting it together for you.
podcast 160 (107.4mb) September 13, 2023 Hello folks, welcome to podcast 160. On this week’s edition, we’ll reveal the sudden absence of TSB, we’ll have news and notes from around the landscape that folks may have read, and aa very interesting topic that deals with Freenom and the phishing landscape. Apparently, Facebook is in this too. Of course, we’ll have any questions answered that people have too. Thanks for your support of TSB and thanks so much for listening!
podcast 159 (151.9mb) August 30, 2023 Welcome to the security box, podcast 159. On this podcast, we’re going to have a two-part article discussion dealing with fraudulent activity when it comes to retail and the dark web. This came to us via Phishlabs. Besides that, we may have some stupid morons to talk about, the landscape as usual, and your comments and questions if any.
podcast 158 (149.3mb) August 23, 2023 Welcome to podcast 158 of the Security Box. On today’s podcast, we’ve got at least one moron, we’ve got an interesting topic that deals with Facebook getting fined, again, and of course we’ll cover the landscape and what has been read and blogged as of late.
podcast 157 (146.4mb) August 16, 2023 Welcome to the security box, podcast 157. This week, we ay be talking about a very interesting topic coming out of connecticut which might or might be a moron. We’ll talk about other news and notes from the landscape, and yes, today’s topic is on ransomware groups and one which says you should pay the money to charity instead of the group itself.
podcast 156 (132.5mb) August 9, 2023 Hello folks, welcome to the Security Box. This is program number 156. On this episode of the program, we’re going to talk about a very interesting article that was published back in April on what we’ve learned about stopping Russia’s hackers since the war has started. Also, this program will have news, notes, the landscape and much more.
Podcast 155 (167.2mb) August 2, 2023 Welcome to the Security box, podcast 155. On this program, we’ve got an update to Age Verification which we’ve not seen any update since. This Verge article may be something that could be of interest if it turns out to be true. We’ll also talk about the news and notes from the landscape and much more.
Podcast 154 (138mb) July 26, 2023 Hello folks, welcome to program 154. On this edition of the program, come with us for some news and notes, a recollection of someone who can change after making mistakes, and a topic talking about DDoS for hire services that have been shut down within recent times which could be a good thing.
podcast 153 (206.3mb) July 19, 2023 Hello folks, welcome to the Security box. This is program 153 and on this edition of th program, we’re going to talk about a potential new threat that we might need to learn about. We’ll also have potential morons that has crossed our desk, news and notes from around the landscape and more.
podcast 152 (186.5mb) , July 13, 2023 On this edition of the program, we’ve got an open forum of topics. Lots of them have been covered through the years while others have been covered on the blog or TSB’s email list. We hope that you enjoy the program as much as we put this together for you. See you next time!
podcast 151 (148.6mb) July 6, 2023 Welcome to the security box, podcast 151. I hope that each and every one of you have had a great July 4th holiday. On today’s podcast, we’re going to have an updated discussion on BEC which stands for Business Email Compromise. On top of that, we’ll see what else the landscape has to offer. We hope you enjoy the program and thanks for listening!
podcast 150 (180.4mb) June 28, 2023 Hello folks, welcome to the Security Box, podcast 150. We’re made it! On this podcast, we’re going to talk about Ransomware gangs and the fact they’re now using zero days. We may or may not have a moron, we’ll cover the news and we’ll see what else people have to say as the program progresses. Some Strong Language.
podcast 149 (112.5mb) June 21, 2023 Welcome to the Security box, podcast 149. On this podcast, we may or may not have a moron, we’ll definitely have news, notes and the landscape and a topic talking about a threat we thought was long gone. That threat? Emotet. Its back.
podcast 148 (133.3mb) June 14, 2023 Welcome to the security box, podcast 148. On this podcast, I may have a complete moron with a company, we’ll have news, notes and more. The topic deals with passwords and it isn’t looking that great.
podcast 147 (152.8mb) June 7, 2023 Welcome to the security box, podcast 147. On this edition of the program, I believe I have a very interesting but true story that must be told with the names being changed to protect the innocent, or is it guilty? We’ve got a very interesting article talking about the structure of ransomware groups, and no, we’re not talking about specific named groups, just something that probably wouldn’t surprise someone who reads this type of news. We’ll see what else the landscape has to offer with news, notes, questions and more.
podcast 146 (206.4mb) May 31, 2023 Welcome to the security box, podcast 146. On this podcast, we may have multiple morons; one is a definite, news, notes and a very interesting topic about the proxy services and what they’re up to.
podcast 145 (176.6mb) May 24, 2023 Welcome to the security box, podcast 145. On this podcast, we’re going to talk about anothr Ransomware group that is out there that may be of value because while they may ot be targeting the states yet, they’re attacking and we must be aware of what’s happening.
podcast 144 (171.2mb) May 17, 2023 Welcome to the security box, podcast 144. This show is an open forum. We had no particular topic in mind, but we talk about books, the landscape and more. The show may contain some adult themes, but it is very light at all. This may contain language or other situations. Please be aware of it. Thanks for participating and make it a great day!
podcast 143 (157.4mb) May 10, 2023 Welcome to the security box, podcast 143. Today, we’re going to have a very interesting discussion about the Relationship between Ransomware and Phishing. We know of at least one moron of the podcast, and there is possibly going to be one more. Of course, we’ll have news, notes and any questions from the Clubhouse audience.
podcast 142 (200.8mb) May 3, 2023 Welcome to the Security box. This is program number 142 of the series and this time, we’ve got a topic which hasn’t been covered before at least on our podcast. The topic covers a very interesting endeavor by the government to deal with Cybersecurity. Besides this, we’ll see who gets a moron, we’ll cover the landscape, and we’ll see what else is of value. Hope you enjoy the program!
podcast 141A (47.4mb) Not Aired Welcome to the security box, podcast 141A. On this podcast, we’re going to provide you with a video. This video comes from the BBC, and it does leave some very interesting questions. Contact info is given at the end.
podcast 141 (207mb) April 26, 2023 Welcome to the Security box, podcast 141. On this podcast, Cyberscoop is along to help us diagnose yet another ransomware group. They actually start by attacking Israeli schools, but will it stop there? News, notes and much more.
podcast 140 (222.91mb) April 20, 2023 Welcome to podcast 140 of the Security box. On this edition of the podcast, we’ve got two morons at least and a great topic that may still be relevant even though the SVB fiasco is now past us. We’ll also have the landscape from people who found things of interest as well. We hope you enjoy the show!
podcast 139 (217mb) April 12, 2023 Hello folks, welcome to program 139 of the security box. On this episode, let us talk about email for a bit. Yes, the thing you use to receive announcements about this podcast, maybe other programs you are interested across the network and other places and a way for businesses to communicate with you. According to an article, this method is still the best way to get ransomware and other things on your device. Why is that? We’re going to have news and notes as well, maybe we’ll find out as we post things between now and show time if there are morons, and we’ll also see what the landscape brings.
podcast 138 (217.5mb) April 5, 2023 Welcome to program 138 of the Security box. We’ve got a very interesting musings piece which we’ve blogged as well as another threat we need to talk about.
podcast 137 (177.6mb) March 29, 2023 Welcome to the Security box. This is podcast 137 of the program and we’re not slowing down. At least, not yet. On this edition of the program, we’ve got at least one moron of the podcast, we’ve got a very interesting update on Sandworm and of course we’re going to have some great news items as well as anything else from the audience.
podcast 136 (170.6mb) March 22, 2023 Hello everyone, welcome to podcast 136 of the security box. On this edition of the program, we’re going to talk about a group that has quite a bit up its sleve. We also have a bunch of news from around the landscape, a familiar foe that could in theory get the moron of the podcast yet again and much more. We hope that you enjoy the program and thanks for listening!
podcast 135 (104.1mb) March 15, 2023 Hello folks, welcome to podcast 135 of the security box. On this podcast, we’re going to talk about the court system allowing the lawsuit to continue against one of the most proliferated companies who continue to claim they don’t do anything wrong and their software that is used by law enforcement to solve crimes. Who is that group? The NSO group out of Israel. We’ll also have news, notes, at least one moron of the podcast, but rumor has it that we have a few, and much more.
Podcast 134 (117.7mb) March 8, 2023 Hello folks, welcome to the Security box, podcast 134. This podcast is going to talk about PBKDF2, an encryption algorithm that is used in certain situations. We’ll also have a moron of the week, maybe two, maybe more! We’ll also dip our toes in the landscape and see what is on other folks minds.
podcast 133 (162.5mb) March 1, 2023 Domains, schemes, scams, tiktok, the landscape and much much more on this open forum of the program. Hope you all enjoy the program!
podcast 132 (131.4mb) February 22, 2023 Welcome to the security box, podcast 132. On this edition of the program, we’re going to talk about a newcomer I think, one that might be and up and comer. We have a rumor that we might have at least one moron, but who knows how many. We’ll have news, notes and other commentary as well. Rumor has it, we’ve got a surprise while making a phone call before last Saturday’s security hour that someone who I thought wouldn’t read books is reading the same book several of us are reading. Find out as you listen to the podcast edition of the program.
podcast 131 (130.1mb) February 15, 2023 Hello everyone. Welcome to program 131 of the Security box. I hope you’ll enjoy what we have to offer you today. On this podcast, we have a rumor that indicates that we’ll definitely have at least one moron of the podcast, maybe more. We’ll also have the topic of the Q4 threat trends Report from Phishlabs as well as questions, comments and more. We hope you’ll enjoy the program and thanks for listening!
podcast 130A (44.6mb) Not Broadcasted Hello everyone. Welcome to podcast 130A. We’re going to rebroadcast a podcast from Cyber Crime Magazine about the book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency which is also linked on our resources page.

I found the program of interest, and this could in theory be my next book. I hope that everyone enjoys this interview about the book!

podcast 130 (144.3mb) February 8, 2023 Welcome to the security box, podcast 130. On this show, we’re going to talk about a very interesting article that covers the fact that Coppa is out of date and congress hasn’t done anything about it. We’ll have news, notes, commentary and more. Who knows, will we have a bonehead award of the podcast? We’ll have to see. Some Strong Language
podcast 129 (144.8mb) February 1, 2023 Hello folks, welcome to the security box podcast 129. Last week, we talked about the government, but there’s more to the story in which people may not be aware of. The article talks about how the government has more to do, yet they tell us to patch, update and the like. News, notes, bonehead awards and more are here. Some strong language.
podcast 128 (127.4mb) January 25, 2023 Welcome to the Security box, podcast 128. On this podcast, we probably have two morons of the podcast, one of which should’ve gotten it before we came up with the idea. We also ask the question, What’s going on over at CISA? This acronuym stands for Cybersecurity and Infrastructure Security Agency. News, note and upcoming rooms are also discussed. Nick was on location, we’re glad he called in. He gave his thoughts on upcoming rooms, the podcast in general and more. Enjoy!
podcast 127 (106.9mb) January 18, 2023 Welcome to the security box, podcast 127. This time, we’re going to talk about something I don’t think any podcast has ever covered. What that might be? That would be Bullet Proof Hosting. What is it? Why is it such a problem? How can you stay away from companies that allow such a thing? We talk about the Lastpass ordeal with a big time update, Norton Lifelock password Manager and more. Thanks so much for listening!
podcast 126: (94.2mb) January 11, 2023 Hello folks, welcome to the security box. On this edition of the program, we’re going to talk about your security posture. We’ve got two bonehead of the day awards and plenty of discussion both in news and our main topic! Stay tuned for our next podcast, we’ll be here again soon!
podcast 125 (147.3mb) January 4, 2023 Welcome to podcast 125 of the Security Box series. On this edition, let’s talk about a new book we found during the break, one in which might be of interest since we’re going to talk about security posture later. The book is titled The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cybercrime by Renee Dudley and Daniel Golden. While it doesn’t cover your posture per say, it does cover a team who is behind you in the fight and understands the struggles. You see, its not all your fault, we understand that. You could even do everything right, including having the right training. Then, we cover two articles after covering the news that covered year end trends and we discuss what might be seen based on these articles and the statistics they have.
podcast 124 (166mb) December 14, 2022 Welcome to the Security box, podcast 124. On this podcast, we’ve got news coming out of Security Now about another root Certificate company that is no more. We’ve got news and notes from around the landscape, and Ransomware payments have hit at least a billion dollars. All this, including questions, comments and other miscellanious activity on today’s show.
podcast 123 )132.9mb) December 7, 2022 Welcome to the security box, podcast 123. Today, we’re going to cover the psychology of passwords 2022 report. We’ll also have the news from around the landscape, maybe an asshole award of the podcast if one is warranted and much more. I hope you enjoy the program as much as I enjoy bringing it to you.
podcast 122 (147.92mb) November 30, 2022 Welcome to the Security Box, podcast 122. On this podcast, we will be covering some news that came out of Freshbooks on Wednesday, November 23, 2022. We’ll also be covering Card Skimming and how it disproportionately is a disadvantage to people who use EBT cards. We’ll also have plenty of news and notes from around the landscape and we’ll also see what else people want to talk about as we return from our Thanksgiving break.
podcast 121 (126.17mb) November 16, 2022 On TSB 121, we’re going to talk about whether it is a good idea to be using various services like 4square, facebook and other check in services to check in to places and post to social media. This started after someone complained on Facebook about how the auto checkin broke, and how they wanted to have it work so their friends on the other side of the world can be confident he made it OK. We’ll also have news, notes and conversation about other things that people want to talk about as well. Thanks so much for listening!
podcast 120 (156.64mb) November 9, 2022 The Security box, podcast 120 has plenty in this program which is over 3 hours in length. We have at least one asshole of the podcast, possibly two, you judge. This podcast talks about the landscape and your money, talking about tools and techniques that you might be able to use to make sure you’re as safe as possible. We talk about the podcast scheduling, what’s coming up, and the scheduled breaks.
podcast 119 (170.93mb) November 2, 2022 On this podcast, we cover the launch of my newest project, then get in to social media and the intricacies of it. Hope you enjoy the show! I enjoyed doing this show, and this is one of those that may go over like this one did. Its not common, but it does happen. This is program 119 of this series. Thanks again for listening!
podcast 118 (124.55mb) October 26, 2022 Welcome to podcast 118 of the Security Box. On this show, we’re going to talk about books. Not all books may be covered due to time constraints, but we’ll list all of the ones here. Question is, what kind of books? These books are dealing with security in one way or another. News, notes are covered as well. 6 out of the 8 were covered in full, but all were covered when its all said and done. Two were covered in short order, summarizing where one left off and another began. This list, as well as any others that might come out in the future, are linked on our resources page of this web site.
podcast 117 (137.32mb) October 19, 2022 Hello folks, welcome to the Security Box. On today’s program, besides talking about the beta of EMHS which is still in development, we finally touch on something I tried to cover in earlier podcasts. What is that, you say? That’s DomainKeys Identified Mail otherwise known as DKIM. We’ve been needing to cover this for quite awhile, but I’m not familiar if whether we did, and while other topics we’ve covered on NCSAM this year we’ve covered in the past, this one I don’t think we did. We also cover the news from the blog and other things on participents minds. I hope that you enjoy the program as much as I have bringing it together for you, and thanks so much for listening! We can’t do the show without you.
podcast 116 (91.75mb) October 12, 2022 On this program, I’m alone today talking about SMS and its very interesting issues. I’m not saying its a bad thing, but there are things about it that can be of interest. The linked article may need work, but can be used to gain knowledge. Knowledge is power, and we don’t cover it word for word. I hope you all enjoy the program as much as I have bringing it to you, and we’ll be back next week.
podcast 115 (197.22mb) October 6, 2022 Welcome to program 115 of the Security box. Today, we talk about domains and SSL and plenty of news stuff too. The first hour and a half of the over 3 hour program is news related, check the blog for complete details on things or subscribe to the TSB list itself. Full show notes have links to resources and more.
podcast 114 (182.31mb) September 28, 2022 Welcome everyone to the Security box, podcast number 114 on the technology podcast series. On this podcast, we cover some of the news from around the landscape, and then we start NCSAM. What is NCSAM you ask? It stands for National Cyber Security Awareness month, and various countries call it something different, and may cover different things. On week 1, which officially starts on October 1, we talk about passwords. Besides learning about 10 passwords that you should probably not use, the artivle we take from takes this in to aidifferent demention, covering different categories like food and drink, curse words, sports and more. News, notes, commentary and more as well. Article to the Cybernews article on the blog.
podcast 113 (135.15mb) September 21, 2022 Welcome to the Security box, podcast 113. On this episode of the program, the biggest topic is “Violence as a service” as it is being talked about on multiple podcasts. News, Notes and plenty more.
podcast 112 (131.69mb) September 14, 2022 Who Knew! Podcast 112 is going to talk about one time passcodes being a corporate liability to business, as actors or cybercriminals can take advantage of the common user to give up these codes so they can log in and take control of one account. How 1-Time Passcodes Became a Corporate Liability is the article we’ll be referencing, and there is no wrong answer when giving your opinion on this one. This article comes from Brian Krebs, shortly after the fiasco that we didn’t talk about last podcast which the article that finally got published covered, his blundering mistake which wasn’t IMHO. With that said, we’ll have news from around the landscape and we’ll see what others within the club have to say about this or anything else on their mind.
podcast 111 (142.71mb) September 7, 2022 Hello everyone, welcome to the Security box, podcast 111. On podcast 111, hopefully we’ll be on the cooldown past the 110-115 we’ve been feeling since last podcast, but yet, we have a topic dealing with the mobile carriors that is of interest. Seems as though they hold on to our geolocation way too long in my opinion. Article on the blog, but well worth the research. News, notes and more.
podcast 110 (124.97mb) August 31, 2022 Besides news notes for podcast 110, this program talks about an article we found on the Paypal invoicing issues that has arrisen. Seems as though legitimate accounts were used to send real invoices out, yet the invoices were not sent by the legitimate owner.
podcast 109 (118.21mb) August 24, 2022 Welcome to the Security Box, podcast 109. On this podcast, besides doing a recap of the news because of our tech problems, we’re going to cover some court news that probably doesn’t surprise some of us.
podcast 108 (138.62mb) August 17, 2022 On podcast 103 of the Security box, we talked about some proxy services that could have been deemed bad proxies. Now, in another two-part section, we learn that all of these proxies are now down. What happened to these proxies? News, notes and commentary throughout as well.
podcast 107 (156.84mb) August 10, 2022 Welcome to program 107 of the Security box series. On this edition, we’re going to talk about something not too many people know about. Its called Gootkit Loader’s and they can be very dangerous. These can contain something called fileless malware which makes detecting them harder. Trend Micro has talked about fileless malware before, and you can put in fileless malware plus adding trend micro to find postings covering this topic.
podcast 106 (186.13mb) August 3, 2022 Welcome to podcast 106 of the Security Box. No, we’re not covering animals, but there is a new term called Pig Butchering that is now out there. According to the article, it seems to be covering a lot of varying scams which may include Crypto, romance, and investment just to name a few. Don’t let me tell you about it in the show notes, the article is titled Massive Losses Define Epidemic of ‘Pig Butchering’ and it comes from our buddy Brian Krebs. Besides that, we’ll go through the blog, we’ll see what other things participents want covered, and maybe we’ll answer any questions that might come across. Thanks so much for listening and make it a great day!
podcast 163.28mb) July 27, 2022 Welcome to the Security box, podcast 105. On this program, we’re going to talk about GPS systems and something that may affect everyone who drives and uses a certain product. This is a Cyberscoop article titled Attackers can surveil, disrupt vehicles outfitted with popular GPS tracker, CISA warns which was quite interesting. I also spotted this being covered by Kim Komando and her staff. I blogged about it in this blog post for those who want to link to it. We also will have news from around the landscape and whatever else people want to cover that they have read. Hope you enjoy the show!
podcast 104 (122.22mb) July 20, 2022 Welcome to podcast 104 of the Security Box program. I hope that each and every one of you enjoyed our look back at the two year anniversary and what might have interested people during the past year. As I prepare for podcast 104, if you, the listener, want to contribute thoughts on what interested you from the past year or even since the show’s inception, please contact me through the contact the DJ’s page on 986themix.com or listen to the program for full contact details. On this edition of the program, we’re going to talk about an older article titled DEA Investigating Breach of Law Enforcement Data Portal. Its a Krebs on Security article which was sent to the Security Box list in the month of May. The sad thing is, we’ve not heard anything since, and that may not necessarily be a good thing. Besides that, we’ll check with listeners who have decided to join us on Clubhouse and other participants to see what has caught their attention through the landscape.
podcast 103 (185.96) July 13, 2022 Hello everyone, welcome to the Security bbox, podcast 103. With only one week missed due to commitments, we’ve reached the two year anniversary of this program on the mix. I hope that we can continue to provide plenty of material as this community still needs to learn what is out there to protect themselves. Nobody is perfect, even yours truly has made mistakes. The question is, do you learn from yours? As we reflect, podcast 52 which was on July 14th of last year, delbt with the water hacks which could have done some serious damage. While we overcame that and learned from that, we’ve got a bigger issue and that has been the war that Russia has been involved with as Ukraine was its first target and now they’re going ahead and targeting other nations. We talked about this war and its potential impacts on this very program and other rooms on Clubhouse. Now, some of what you might see and discussed on this and other circles will be coming true as predicted. No expert said when it would happen and if, but it seems that it is. With that said, today’s main topic is going to cover two articles and one man. Links to these articles and news notes and more along this podcast.
podcast 102 (173.74mb) July 6, 2022 Hello everyone! Welcome to podcast 102 of the podcast. On this edition of the podcast, we’ll step through one of the best emails I’ve ever seen. I saw this at the end of June, and it woke me right up. It is the best email that would prompt an issue that may not be the case, if you actually stop, look and do your due dilligance.

blog post

Our topic talks about whether lawmakers will be able to get our data back in to our hands as its getting sold to third party countries like China and Russia. News notes and more.

podcast 101 (127.53mb) June 29, 2022 Welcome to podcast 101 of the Security Box Podcast series. On this podcast, we did find another “Asshole of the podcast” award. We also are going to talk about Google finding something very interesting in their research department. News, notes, commentary and more as well.
podcast 100 (132.02mb) June 22, 2022 Welcome to podcast 100 of the Security Box. I can’t believe this series is already at 100, and its been growing strong with lots of discussion, and of course comments on things that people have found of interest. This starts the bonehead award of the podcast with an article, two topics with one of them dealing with privacy legislation, and of course those dreaded vehicle warranties that we know nothing about was also discussed. News notes and more as well. Thanks for reading, participating, and listening! I greatly appreciate your support.
podcast 99 (111.60mb) June 15, 2022 Welcome to the security box, podcast 99. We’re excited to bring you another great show. First, in our chat section, we’re going to talk about KrebsOnSecurity in New Netflix Series on Cybercrime which I’ve already bookmarked as I signed up for Netflicks. I also watched another movie titled Cyber Hell. (subscription required) Movies and documentaries like these are great to get out in the community, and the Cyber Hell movie I heard of somewhere, probably on clubhouse. There’s more including one I talked about some time back, but this will get us started. We also have an article about protecting our own shield from all of the breach and other disasters we hear about. News notes commentary and more as well.
podcast 98 (133.20mb) June 8, 2022 Welcome to the Security box, podcast 98. This is a bit of a technical difficulty show, starting with Clubhouse having some sort of trouble, and then the software too. Despite these, the show went on. We had a chat session that talked about social media and Paypal, see the blog for Paypal. The main topic is Chinese state media propaganda found in 88% of Google, Bing news searches which we step through. If you have any questions or comments, please reach out. Thanks so much for having an interest in our show, and we’ll be back next week!
podcast 97 (90.61mb) June 2, 2022 Hello everyone. Breach Fatigue is probably on everyone’s minds, and I think its time that we talk about it. Luckily, there’s an article titled Combatting Breach Fatigue comes from Lastpass and I thought it should be talked about. News notes other commentary and more as well.
podcast 96 (135.36mb) May 25, 2022 Welcome to podcast 96 of the security box podcast series. We’re going to bring back news notes for this program, and we’ve picked out some good stuff. Some may be on this blog, other may not be on this blog. Our main topic is going to talk about the Health Care Industry and whether it is as secure as possible. The reason why we’re going to talk about it is plain and simple, there have apparently been two more attacks on the health care industry, yet, one of them is a non-profit. News notes and more from around the landscape too.
podcast 95 (93.86mb) May 18, 2022 Hello everyone, welcome to the security box, podcast 95. On this program, we’re going to talk about one vulnerability that affects big internet appliances at a CVSS score of 9.8. News notes and anything else from the landscape coming up too.
podcast 94 (99.28mb) May 10, 2022 Welcome to podcast 94 of the security box. On this edition of the program, we’re going to talk about emergency direct requests (EDR’s) as there are now actors out there that will use Fake EDR’s for getting what they want. News, notes and more from the community will also be heard.
podcast 93 (157.76mb) May 4, 2022 We have three topics on today’s podcast. We talk about Amazon, a program that also has a VPN included and some very interesting research from Trend Micro. We’ll also include news and notes from around the landscape as well as thoughts and comments.
podcast 92 (153.51mb) April 27, 2022 Hello everyone! Welcome to the security box, and this is program 92. On this program, we’re going to talk about Conti, again. Bluestreak starts airing our program starting with this episode, news notes and more as well.
podcast 91 (199.12mb) April 20, 2022 Hello everyone, welcome to podcast 91. We’re dealing with the teenage hacker in two different articles. As I’ve determined, there is only one article on the advanced persistent teenager which can also be labeled APT. One article leads to the other, as well as news notes and more.
podcast 90 (117.47mb) April 13, 2022 Hello everyone, welcome to podcast 90. On this edition of the podcast, we’re going to have our main topic on Millions of Android users should delete these 11 apps after Google kicked them out of the Play Store which is an article talking about 11 different applications that we need to be aware of that may have been causing harm. I’d say that IOS users like myself should be aware of these in case these apps make it to the app store and we get messages from places to download them as well.
podcast 89 (69.28mb) April 7, 2022 Hello folks, on today’s podcast, we’re going to cover Explaining Spring4Shell: The Internet security disaster that wasn’t as our main topic. We will cover some of the other landscape as well as any other topics the public has to offer.
podcast 88 (103.19mb) March 30, 2022 The Internet is a complex thing. There are different types of internet connections, some are most common than others, but all are important. In a recent article I spotted, the connection known as Sattelite Internet was targeted apparently by Russia, but that is not confirmed. The article is titled A mysterious satellite hack has victims far beyond Ukraine. We’ll also have other topics that might be of interest and we’ll see what others have to say as well. Thanks so much for listening and enjoying the program!
podcast 87 (191.01mb) March 24, 2022 Welcome to podcast 86. On this podcast, we’ll cover Windows Update. I only have one article now instead of the two, so we’ll have to see how I can get the other back. Besides that, we’ll have comments from the Clubhouse room and other topics they may want to bring up.
podcast 86 (145.02mb) March 16, 2022 Welcome to podcast 86. On this podcast, we’ll cover Windows Update. I only have one article now instead of the two, so we’ll have to see how I can get the other back. Besides that, we’ll have comments from the Clubhouse room and other topics they may want to bring up.
podcast 85 (199.21mb) March 9, 2022 Today, the Security box takes a break from day to day activity although we’ve covered some scam type activities and even went through how I got started in this industry and how I think information can be given out successfully.
podcast 84 (151.04mb) March 2, 2022 Welcome to podcast 84 of the security box. This time, let’s discuss Russia’s involvement in pure problems. Now, they have decided to go to war, and its against Ukraine. They’ve been known to do DDOS attacks, ransomware attacks, spreading information that is not true or partially true or even completely false, denying many different things through the years like the 2016 and 2020 presidential campaigns, and even more may be in the pipeline. Within the full show notes within the blog, we link to all of Mark Russinovich’s books as they do qualify as something that should be read. We also link to blog posts from around the landscape at that time.
podcast 83 (155.91mb) February 23, 2022 This podcast starts off with a discussion about Sim Swapping which started from a discussion I had several days back with someone who assists me at my home. There are several articles and a blog post of mine linking to T-Mobile’s breach. We also have Trickbot updates as well. The public on Clubhouse got in to a Spam discussion with one talking about the spam messages they were getting. While educational, we did some good laughs in this program and we thank everyone for participating on clubhouse’s platform. Tunes were also played during the program. We can’t forget any news notes discussions as well.
podcast 82 (139.66mb) February 16, 2022 Hello everyone! Welcome to podcast 82 of the Security Box. This week, we’ll catch up on Windows Update, and we will also cover a lot of other stuff from the blog as well. We’ll also see what else the listenership and participents in Clubhouse want to talk about.
podcast 81 (137.32mb) February 9, 2022 Hello folks, welcome to podcast 81 of the Security Box! It seems like its time for an update on a very interesting character isn’t it? Its time for another update on the fake investor we’ve covered since podcast 10. I know that I’ve linked somewhere on the blog all of the podcasts we’ve covered John Bernard, and this is going to be one of those podcasts. What has he done lately? This article titled Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams from Krebs on Security has the entire details on what he has been up to now and a reminder of his past. Besides all of this, we’ll step through the news that has been posted to the TSB list as well as on our blog.
podcast 80 (148.38mb) February 2, 2022 Welcome to podcast 80 of the Security box. On this edition, let’s talk about WordPress. While it is a good platform for people to use for web sites and even blogging as I do, it can come with risks we need to be aware of.
podcast 79 (78.52mb) January 26, 2022 Welcome to the security box, podcast 79. I probably am not surprised really about what we’re going to talk about, and it was talked about on Throwback Saturday Night’s security segment. Now, we’re going to take our time on it, because I feel we need to. What are we talking about you might ask? Toronto lab finds security vulnerabilities, censorship framework in Olympic app is an article talking about the olympics and a new app the IOC basically says is completely safe to use. Researchers are saying differently, and one major problem that two of us see brings this to full circle. Thanksgoes out to DJ Terry of the Mix for bringing this article full circle!
podcast 78 (93.57mb) January 19, 2022 Welcome to podcast 78 of the Security Box. As we do typically on the podcast, we spend some time catching people up on what has been going on in Redmond, Washington with Windows Update. The biggest news from this update was a wormable flaw, and the article is linked within the show notes on the blog. Thanks so much for listening!
podcast 77 (86.33mb) January 13, 2022 Hello folks, welcome to the security box, podcast 77. Google fixes nightmare Android bug that stopped user from calling 911 is our main topic of today’s program, but I also cover other tech and other odds and ends too. We did have one guest available to chat with us, and we thank them for coming. We hope you enjoy the program and the few tracks at the end, and thanks so much for listening!
podcast 76 (64.55mb) January 5, 2022 Welcome to the Security box, podcast 76. On this podcast, we’re going to talk about advertisers who are sucking up student data, even though legal action was taken. We’ll also have comments and news items from the public if any, maybe some other topics if it turns in to one, and we’ll see what else comes up.
podcast 75 (80.82mb) December 22, 2021 Welcome to the Security Box, podcast 75. On this edition of the podcast, come with me as we do a little predicting for 2022 with a Trend Micro article titled Pushing Forward: Key Takeaways From Trend Micro’s Security Predictions for 2022. We’ll also have thoughts on recent news read, and its been decided that the full news notes segment will be no more in favor of topics that need discussion. This doesn’t mean that we won’t cover news, but we’ll cover it a little differently.
podcast 74 (107.84mb) December 15, 2021 Welcome to the Security Box, podcast 74. On this podcast, something breaking this week called Log4j. We’ll break down three different articles that talk about this. Instead of me doing news notes, we’ll ask listeners if they have any thoughts on what they have read. There may be questions, comments and other topics not mentioned here for you to enjoy too.
podcast 73 (127.22mb) December 8, 2021 Hello folks, welcome to the security box, podcast 73. On this podcast, plenty of news notes and a very interesting topic dealing with AT&T and appliances that are made to bridge the gap between the ISP and the managing of phone calls, conference video systems and similar real-time applications. We hope that you’ll enjoy the program and thanks for listening!
podcast 72 (211.10mb) December 1, 2021 Welcome to the security box, podcast 72. On this program, we’re going to play with Linux a little bit as we discuss a vulnerability in the way it works as it can cause DNS cache poisoning. We’ll also have news, notes, commentary and more if people have things they want to share.
podcast 71 (143.50mb) November 24, 2021 Welcome to the Security box, podcast 71. On this podcast, we’re going to cover things we did not cover last podcast including windows update and a very interesting report dealing with the threat trends for November 2021. We’ll have news notes and plenty of it too. Hope you enjoy the show!
podcast 70 (153.74mb) November 17, 2021 Welcome to podcast 70 for the 17th. Its open forum today, hope you all enjoy it! Lots of different topics. Hope you enjoy!
podcast 69 (153.60mb) November 10, 2021 Welcome to the security box, podcast 69. On this edition of the podcast, we turn our attention to another story, bullying over the telephone lines. We have some news, notes and commentary as well, but the bulk of this program is to think about what might go on these lines whether it is one you are on now, or one you’ve been on. Thanks for listening!
podcast 68 (146.76mb) November 3, 2021 Welcome to the Security Box, podcast 68. On this edition of the program, let’s talk about social media and phone line issues as it relates to cyberbullying and other related topics. We’ll also have news, notes and more.
podcast 67 (153.52mb) October 27, 2021 Welcome to Week 4 of NCSAM. This week, we’re going to cover protecting your children online. Notations are taken from a presentation I heard about the topic, and I’ve summarized it to tell possibly some stories that may be similar to something you’ve heard or seen. We’ll also have news, notes and other comments as the program gets started.
podcast 66 (148.31mb) October 20, 2021 Welcome to the Security Box, podcast 66. Is 66 a lucky number? T-Mobile and Verizon are in the news with Spam messages, AT&T is in the mix as well in passing, Google is getting in the mix with two-factor authentication on more accounts, as well as news, notes and more.
podcast 65 (171.40mb) October 13, 2021 Welcome to the Security Box, podcast 65. On this podcast, let’s discuss an article we read after the release of last week’s program in regards to Twitch and their recent breach we were alerted to during the live taping of the program. After that, we’re going to cover more NCSAM and even have some news notes. We’ll do news notes the same as we did last week, as it turned in to a lively discussion. I hope you’ll enjoy the program, and thanks so much for listening!
podcast 64 (147.23mb) October 6, 2021 NCSAM is now in full swing, this week, Are You Cyber Smart? A Checklist from Lastpass will be what you need to look at with 5 great tips and things that might be of interest to you. In my writeup of this, I talked about the Neiman Marcus breach and how people should be aware of it even if they aren’t affected. We’ll have news, notes and more. Hope you’ll enjoy the show!
podcast 63 (115.79mb) September 29, 2021 Welcome to podcast number 63 of the Security Box series. On this podcast, come and learn about the password trends of 2021, thanks to lastpass’s article. Next, a 5.9 million dollar ransomware paid by a farming co-op and a very interesting discussion I heard recently about this. We’ll definitely have some news and notes from around the landscape, and even some commentary from any guests that participated through Clubhouse on the live program as well as anyone else through email, imessage and other contact points.
podcast 62 (130.13mb) September 22, 2021 Welcome to the Security box, program number 62. On this program, we’re going to cover Windows Update as well as a very interesting article from Krebs about a new botnet that seems to have done quite a bit of damage. It is an IOT botnet called Meris. We’ll also have news, notes and lots more.
podcast 61 (125.16mb) September 15, 2021 Welcome to the Security Box, podcast 61. On this podcast, let’s discuss the updates on CSAM as it pertains to Apple. We’ll have news, notes and more.
podcast 60 (124.48) September 12, 2021 What has changed on the security landscape? We learn about T-Mobile’s recent failure, and even web sites are braught up as well as broadcasting software among other things. This turned out to be a very interesting show. What do you think has changed? What have we done wrong? What do you think it’ll take to fix it if it can be fixed at all? No news notes this week, but they’ll be back next week.
podcast 59 (243.22mb) September 2, 2021 Hello folks, welcome to the Security box, podcast 59. On this edition of the program we have two different prerecorded segments for you. First, we interview Scott Schober of Berkeley Varitronics Systems, Inc. He’s written various books which we talk about, as well as some of what is going on in the security landscape. Next, we have a talk that was done by Phishlabs, who did the Quarter 2 Phishing Trends report. To top it all off, we’ll have news and notes from around the landscape as well as questions and comments after each segment if any.
podcast 58 (151.53mb) August 25, 2022 Hello Everyone, welcome to the Security Box, podcast 58. Question: what the hell is going on with T-Mobile and their inconsistancies of containing breaches and lying about what they were going to do when they were granted the murger with Sprint? Who is ENISA and why are they saying that system failures are on the rise? Finally, what is the Chaos Ransomware and why could it have impacts beyond a proof of concept? We explore all of these topics, as well as news and notes from around the landscape on this edition of the podcast. Fasten your seatbelts!
podcast 57 (115.38mb) August 18, 2021 Welcome to the security box, podcast 57. We have three topics for you today, and I hope that you will enjoy them. The first topic for this podcast will be talking about the name game of the ransomware gangs we have out there. The second topic which was totally forgotten is of course Windows Update and what is happening with that operating system. Finally, probably the most contravercial topic we have to date, Apple and how they’re handling the images that people may have that are backed up in to icloud that deal with children and the potential of abusive images of a sexual nature. We will also have news notes and commentary as well, buckle up as you don’t know what’ll happen with these topics! The program may contain adult content, and listener disgression is advised.
podcast 56 (145.93mb) August 11, 2021 Welcome to the security box, podcast 56. Two comments will start us off as someone commented on the replay of our show from last week. Both are good comments worth bringing up. Next, we’ve got a topic that might be of interest talking about the lifecycle of a breached database. Next, let’s find out how the government is doing with their Cyber Security. What did the senate report find? Find out in our second topic. We’ll have news notes and commentary as well.
podcast 55 (111.84mb) August 4, 2021 Welcome to the security box, podcast 55. On this edition of the podcast we’ve got two Sans News Bites headlines, topics including a very interesting story on someone named “PlugwalkJoe” I.E. Joseph O’Connor, a topic on a new ransomware gang called Black Matter, and we’ve also got several news items including one that isn’t an article but intrigued me when listening to the TWIT network. All of this plus anyone who had questions, comments or took part in the discussion, as podcast 55 gets started.
podcast 54 (120.10mb) July 28, 2021 Remember, the number given does not belong to my box on livewire. Hello Everyone! Welcome to podcast 54 of the Security Box. On this edition of the program, learn about Windows 11, the latest Microsoft operating system and what scammers are doing to monitize even while this version is still in beta. Next, come with us and learn about the latest in the average ransomware payments as it looks like they are declining, for now. We’ll have news, notes, hopefully calls with questions or discussion throughout. If you want to leave feedback and you’re listening through the podcast, call 602-887-5198 or email, imessage, whats app, or text your thoughts. The lines of communication are given throughout and I welcome what you have to say.
podcast 53 (184.06mb) July 21, 2021 Hello everyone, welcome to the security box, podcast 53. On this edition, we’ll be talking about some of the things that articles talk about in regards to Windows Update that came out the week of July 16, 2021. Seems like we had good success with last week where we opened the phone lines for others to participate in an open forum, so we’ll do that again and see what happens and if people participate or not. You can always comment after the fact by calling our voice mail line at 602-887-5198 and letting me know you want your comments aired. We’ll also have some news notes and maybe a discussion on those as well. Remember that the number listed here does not belong to my box on livewire any longer.
podcast 52 (153.57mb) July 14, 2021 Welcome to the security box, podcast 52. On this podcast, let’s talk about the water supply hacks and the growing threat of them through the help of an interesting article by Last Pass. After that, we’ll see if people partook in an open forum of topics they want to talk about, and of course, news, notes and highlights from the landscape that have been read.
podcast 51 (82.07mb) July 7, 2021 Hello folks, welcome to the security box, podcast 51. On this edition of the program, we continue with Phishlabs and their q1 Phishing and intellegence report talking about Top Level Domains and certificate abuse. Next, Michael in Tennessee sent me an article talking about one email which exposed hundreds of email addresses. We’ll also have news and notes, people can call and comment as usual, and we’ll see where the show takes us.
podcast 50 (113.94mb) June 30, 2021 Welcome to the security box, podcast 50. On the big 50th episode, we’ve got quite a bit of news notes to cover this week. Besides that, we’re continuing with Phishlabs and their ongoing rundown of the Q1 Intelligence Report, this time, talking about free tools and their abuse. We hope that users find this of interest like I did. Of course, the lines of communication are always open whether on the show or podcast.
podcast 49 (78.01mb) June 23, 2021 Hello folks, welcome to the Security Box. We don’t have news notes this week, however, we have two topics. We hope that news notes returns next week. This means that you, the listeners, might be giving us things you’ve read and your thoughts on it. We’ll see if that comes to pass. The topics are: office 365 in Q1 having credentials taken and how does one get hired by a top cybercrime gang?
podcast 48 (134.134.69mb) June 16, 2021 Welcome to the Security Box, podcast 48. On this edition of the podcast, we’ve got two topics for you. The first is probably one you can file in the “I can’t believe I read this crap” department, while the second deals with Windows Update and what we had to look forward to there. We’ve got news notes with quite a number of very interesting items, as well as taking your calls, voice messages and stories to boot.
podcast 47 (89.14mb) June 9, 2021 Welcome to the security box, podcast 47. On this podcast, we’re going to talk about Security. A video which I found on Ted Talk’s youtube channel will lead this discussion. We’re also going to talk about an article from Lastpass talking about protecting your business from data breach trends. It talks about something we’ve talked about, supply chain attacks. Speaking of supply chain attacks, Jennifer talks about our top story from our show notes, and we’ll address any concerns from that as well. We’ll have news, notes, questions, comments and more. Thanks so much for listening!
podcast 46 (146.42mb) June 2, 2021 Welcome to podcast 46 of the Security Box. On this podcast, Michael in Indiana is along with an update about a company we talked about in News Notes on podcast 39. We’ve got a topic dealing with a company that has been able to take advantage of the dark marketplace as they dominated this space very quietly since 2018. We’ve got a topic also on Ransomware forcing a major speaker manufacturer you all may be aware of, Bose. We’ll have news, notes, questions, comments and more. While I did get a new number at the new company, the phone number doesn’t belong to me through livewire, and we later determined that it was not needed to have a voice mail line.
podcast 45 (92.47mb May 26, 2021 Welcome to podcast 45 of the security box. We have three topics and some news notes for you on today’s program. The first topic covers 4 vulnerabilities which gave full control to a device of the Android variety. The second comes from Cyberscoop which covers the government and cyber security. This time, Conti went after the U.S. healthcare industry. Finally, Irish authorities looked in to ransomware difficulties. We have news notes and more as well!
podcast 44 (145.04mb) May 19, 2021 Welcome to the Security box, podcast 44. On this episode of the program, its time to make sure we’re all caught up on Windows Update and what may be important to you. Next, we’ll talk about a task force that hopes to disrupt ransomware payments. We’re not done with Experian yet, and we’ll have a things to ponder on this particular article I read about their API which is apparently disabled for at least one vendor. We’ll also have news, notes, commentary and questions from listeners if any, and yes, even podcast listeners can join the fun. Podcast listeners can dial 623-263-8934 to leave a voice message, just follow the prompts. Email, Imessage, text and whatsapp are all given throughout the show. Note that the number given here no longer goes to me but was valid at the time of podcast. It was a livewire number which isn’t valid.
podcast 43 (96.08mb) May 12, 2022 Welcome to the Security box, podcast 43. On this edition of the podcast, we’ve got two topics. The first talks about a fake vaccine web site that is now shut down, thanks to the US Government. The second topic talks about the Exim 21 bug that recently hit headlines. We’ll have news, notes, your questions comments and any catch up from any older podcasts.
(83.73mb) May 5, 2021 Welcome to the security box, podcast 42. I think I’ve got two very interesting topics. One of these topics is the ongoing saga over at Experian. We know they had a big time breach, but do we really know what else is going on at the company? Brian has the entire details. Finally in the topic department, we know Ransomware has taken a big toll during the pandemic and there is no slowing down in that department. According to Cyberscoop, demands are higher by 43 percent so far in 2021. We’ll talk about it. I’ll also give you some news and notes, although it may be dated. Your questions and comments are always welcome, so please get in touch! I hope you enjoy the program as much as I have putting it together!
podcast 41 (74.58mb) April 28, 2021 Welcome to the Security Box, podcast 41. On this edition of the podcast, we’re going to talk about Ubiquiti and their big time breach, as well as something I recently read from Park Mobile and their potential breach. We’ll have news, notes and more.
podcast 40 (96.72mb) April 21, 2021 Welcome to podcast 40 of the Security Box. On this podcast, we’re going to have our main topic that deals with the Windows Updates which you may have been prompted to install. Instead of news notes, I’ll pick a few of the articles and we’ll see what you think about them as I’ll give my thoughts. No full news notes this week, but plenty of content to boot. We hope you enjoy the program, and thanks for listening!
podcast 39 (105.94mb) April 14, 2021 Welcome to podcast 39 of the Security Box. Looks like we’ve got commentary from the replay of broadcast 38’s airing. We’ll answer any questions from those comments if any, as well as talk about yet another story I read afterword in regards to Facebook and why it might be a good idea to remove your telephone number or use something like Google or Text Now as your number instead of your primary one. We’ll have news, notes, commentary and more. We hope you enjoy the program as much as I have bringing it to you. Thanks for listening!
podcast 38 (100.84mb) April 7, 2021 Welcome to the Security box, podcast 38. This week, we had planned to go back to DKIM and have a discussion on it, but we aren’t going to do that. Why? It looks like news has gotten about Facebooks’s 2019 breach and 535 million people whose information may now be out there on the free Internet as well as it already being sold to the dark web when the initial breach occurred. We’ll have news, notes and more as well as your thoughts and comments to boot. Enjoy the program!
podcast 37 (166.76mb) March 31, 2021 Welcome to the Security Box, podcast 37. On this episode of the program, we’re going to talk about something I don’t think people know much about dealing with email, verification of domains in the process, the standards of what it is and how it came to be. We will also cover a very interesting webinar that I listened to by Trend Micro that delbt with the security predictions for 2021. We’ll also have news, notes, questions, comments and more as the show progresses and the listeners choice on whether they have something to contribute. I hope you enjoy the show as much as I have bringing it together for you, and thanks so much for listening!
podcast 36 (156.08mb) March 24, 2021 Welcome to podcast 36 of the security box. On this edition of the program, we’ll be talking about password managers. Herbie Allen is along with a Things to Ponder section talking about Scams, one in particular dealing with Amazon. We also have a webinar that will be of interest from F-secure. We’ll have news, notes and more. Hope you’ll enjoy the program!
podcast 35 (91.35mb) March 17, 2021 Welcome to the security box, podcast 35. We talk about Clubhouse, the security of audio apps like clubhouse and what experts are saying. We also have news, notes, questions, comments and more. Enjoy!
podcast 34 (130.94mb) March 10, 2021 Welcome to podcast 34 of the Security Box. On this edition, we’ll pick up where we left off on the Key Logging aspect of our discussion and we’ll have news, notes, commentary and more. We also have something from Michael in Tennessee who sent us a video of 12 Android apps you must get rid of. Some of these, are quite interesting. News notes include solar winds and their password, exchange server news, lastpass offering SMS and phone calling options for their two factor and more. Hope you enjoy the program as much as I am bringing it together for you.

podcast 33 (140.88mb) February 24, 2021 On this podcast, we continue where we left off with our Key Logging topic, and we’ll also have news, notes, questions, comments and concerns. Hope you’ll enjoy the program as much as we have putting it together for you.
podcast 32 (141.06mb) February 17, 2021 Welcome to the security box, podcast 32. On this edition of the program, we’re going to talk about keystroke loggers. I found a Wikipedia article which is detailed and there could be a possibility that this goes in to multiple weeks. We’ll also have news, notes, questions, comments and even a “things to ponder” segment to boot.
podcast 31 (103.03mb) February 10, 2021 Welcome to the security box, podcast 31. On this podcast, we’re going to continue the discussion of domains with several different things that we couldn’t get to from last week. Also, we’ll have news, notes, questions, comments and more. I hope you enjoy the program as much as we have putting it together for you. Notes include the continuation fomains by talking about SSL certificates and how they’re more valuable now thanks to Let’s Encrypt. The notes are extensive, so check the blog for complete notes including more on Solar Winds which continues in to the new year.
podcast 30 (162.57mb) February 3, 2021 Welcome to podcast 30 of the Security Box. On this security box podcast, the goal is to talk about domains. We’ll talk about what a domain is, how they work, a little bit about the IP system, and some recent news in regards to domains, registration companies, look-alike domains and more. We’ll have news, notes, questions, comments and Michael in Tenessee with a segment to boot. The show notes for this podcast is lengthy and should be viewed on the blog as it coveres bullet points, aspects for highlighting and more. Besides that, we’ve got Michael in Tennessee on talking about why it is important to update phones. There’s plenty more, hope you enjoy the show!
podcast 147.27mb) January 27, 2021 Welcome to the security box, podcast 29. On this episode of the podcast, what seems to be the problem with messaging applications such as Whatsapp, Signal and others when it comes to their security? What do you think of for cloud security for 2021 as the pandemic continues? We’ll have news, notes, questions, comments and more including bits from Sans News bites, Trend Micro and more.
podcast 28 (172.62mb) January 20, 2021 Welcome to podcast 28 of the Security Box. On this podcast, a couple of year in review items, news, notes, something called teledildonics or “The Male Chasity Cage” from a recent Security Now podcast, news, notes, questions, comments and more.
podcast 27 (169.67mb) January 9, 2021 Hello folks, welcome to the security box, podcast 27. Trend Micro has a report they do each year talking about the trends of the next year and its worth talking about. Did you know about any of the breaches of the past year? We’ll go through that thanks to Solutions Review, as well. We’ll have news, notes, commentary and more and even a guest to boot if everything goes well. We even talk about Swatting in the things to ponder segment as it was discussed in podcast 800 of the Security Now program. Do you have your security covered? Thanks so much for listening, and make it a great day!
podcast 26 (229.68mb) January 6, 2021 Hello folks, welcome to the security box, podcast 26. Shaken and Stir from podcasts 21 and 23 will be concluded in this podcast, a things to ponder segment on spy applications, news notes and more!
podcast 25 (148.90mb) December 25, 2020 Welcome to podcast 25 of the security box. This podcast was compiled on Christmas day, but was released on the 30th of December. On it, we go through podcasts 341-357 of tech, playing a few segments which were also covered on this podcast like catphishing, some of the security items throughout the year from the blog, and even other highlights. Highlights the security box and some of what we covered in podcasts including two interviews. This podcast is 167 minutes and is the last of the two podcasts before we resume the first week in January. Hope everyone enjoys the lookback, and thanks for listening!
podcast 24 (114.21mb) December 21, 2020 Welcome to program 24 of the Security Box. While the program is not a live program, we’re going to continue to give people up-to-date material that is of importance while we look back in the year in review. All news will be broken up, but we’re only linking to stories in the sections, we are not going to comment on each one like we do for the live show. The tech blog may also have articles with more commentary. Hope you all enjoy the program as much as I have putting it together for you. The biggest news was Solar Winds for this podcast. There are tons of articles that came out in regards to this and the blog has all of those links. We even found some good news that is also linked to the blog as well. Thanks for listening!
podcast 23 (193.60mb) December 16, 2020 Welcome to podcast 23 of the security box. Picking up where we leave off, we continue with Shaken/Stir and its discussion from podcast 21. Besides that, we’ll go ahead and talk about a company which doesn’t really care about the security of its customers. The name has been mentioned in passing, but now its time to talk about some very serious stuff on a podcast. We’ll have news, notes, and more.
podcast 22 (167.09mb) December 9, 2020 Welcome to the security box, podcast 22 picking up the podcast with business email compromise. Besides that, we talk about a couple of people who have been a problem in the phone world, tie it in to phone security, and find out if these guys would be capable of using such tech. Comments also came in about scams when looking for a place to live, and of course some tunes come along with it. Enjoy!
podcast 21 (164.64mb) December 2, 2020 Welcome to podcast 21 of the security box. This week, I thought it would be interesting to take you through the Shaken and Stir protocol. This protocol is supposed to go through and make sure we get adequate caller ID. Besides that, we’ve got news from around the landscape, questions if any, and commentary from prior podcasts if any.
podcast 20 (206.47mb) November 25, 2020 Welcome to podcast 20 of the security box. On this podcast, we pick up where we left off from podcast 19 and the credit card discussion. We’ll go more in to detail about PCIDSS and I’ll talk about the 12 steps we covered a bit of last week. We’ll also talk about other stuff including news, notes, and more.
podcast 19 )173.43mb) November 18, 2020 Welcome to podcast 19 of the security box. This week, let’s talk about credit cards, PCIDSS, and more.
podcast 18 (191.52mb) November 11, 2020 This week on the security box, its one week after the election and results may or may not be in, depending on what is happening. Let us recollect on some of the election coverage where security has played a part. We are still having problems with misinformation, misconfigured servers, and more.
podcast 17 (171.57mb) November 4, 2020 Welcome to podcast 17 of the technology series known as the security box. Michael in Tennessee is along for an open discussion on encryption or the lack there of from the government. Topics include House Call by Trend Micro, a subset of apps that have at least one vulnerability and the percentage of those apps were a whopping 76 percent! News notes and more as well.
podcast 16 (171.38mb) October 27, 2020 Welcome to broadcast 16 of the Security Box. Commentary from the prior podcast, web hosting and what is offered to you, the government not knowing what security really is, and of course news notes and more.
podcast 15 (216.93mb) October 21, 2020 Welcome to the Security box, podcast 15. It was mainly an open forum of privacy talk today. Michael in Tennessee and Michael in Indiana join me, Armando from Northern California joined me, and the program lasts about 4 hours in length in this open forum style discussion.
podcast 14 (138.51mb) October 14, 2020 The Security Box, podcast 14 must continue with the ongoing saga of John Bernard. We’ve got an article on that. What do you guys think of a passwordless future? Lastpass talks about it. News, notes, comments, and more.
podcast 13 (179.89mb) October 7, 2020 Welcome to podcast 13 of the technology blog and podcast series known as the Security Box. On this episode, we are going to cover NCSAM, week 1. The big thing now a days are your security and identity protection when it comes to your online safety. The first article Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis is discussed in a taped segment. Speaking of identity, Preston from Pensylvania is going to be on with an interview that I did with him talking about experience, stories, and the like. We’ll also cover some news if time allows. Please make sure that you tune in to the blog web site for all of the news, as NCSAM will be busy and lots of items will be posted. You may want to decide to subscribe so you don’t miss anything. Thanks for listening!
podcast 12 (176.43mb) September 30, 2020 Welcome to podcast 12 of the tech podcast series known as the Security Box. On this podcast, we continue with a story that started on podcast 10, with a gentleman that claimed to be successful, but sure wasn’t. Another company suffers a ransomware attack. ATWG says we shouldn’t use SSL to determine whether a site is secure. We also have news notes as well.
podcast 11 (136.19mb) September 23, 2020 Welcome to podcast 11 of the Security Box. Topics include TikTok, Ransomware and much more.
podcast 10 (199.97mb) September 16, 2020 Welcome to podcast 10 of the security box. On this edition of the program, we’re going to leave room for Michael in Indiana to talk to us about phone stuff. We’ll also have some other stuff as well.
podcast 9 (169.79mb) September 8, 2020 Welcome to the security box, podcast 9. This week, I think we’ll change gears a little bit and talk about the Internet in a different type of light. We’ll also have news, notes, commentary, and I believe the fix to comments left by callers is solved with an app I already give info for. If you can use the dial in number, you may use it, but turns out, not everyone may be able to use it. The days of Voice Mail services may be over. Lets get started!
podcast 8 (155.28mb) September 2, 2020 Welcome to podcast 8 of the Security Box. As you’ll see by the notes here, we’re fully packed, the show should be that way. I hope you enjoy it as much as I am bringing it together for each and every one of you. We had quite a bit of commentary from one of our listeners. A topic which asks the question, what do you think of when you have your TV? Shaun Everis had issues with their stock exchange. We also cover TikTok. We also have news, notes and more.
podcast 7 (134.14mb) August 26, 2020 Welcome to podcast 7 of the Security Box. This week, let’s peruse some topics, I’ll link to some articles, and you can comment as usual. News, Notes, and much more. Topics include election officials finding out about typosquatting domains, 11.6 billion pieces of information out on the dark web, and plenty of news including Experian and an update about a CSO who was charged for the Uber breach that took place in 2016. Thanks for listening!
podcast 6 (162.33mb) August 19, 2020 Welcome to podcast 6 of the Security Box. On this show, we’ve got a topic, a very interesting news notes where two articles take center stage, and we’ll open the lines for comments, questions, and other things. One of the topics deals with Epic Games and their decision to sideload their app because of some things Apple and Google didn’t like. News notes cover COVID related material at the time. There’s more including open forum!
podcast 5: (194.14mb) August 12, 2020 podcast 5 covered Phishing and its various forms. The main option we used was Wikipedia, but we also link to F-secure and a podcast talking about what this is. There is one aspect we did not cover which I think we should. Our things to ponder segment was a little adult in nature but appropriate in today’s environment of social media and the things that are allowed and not.
podcast 4: (179.35mb) August 5, 2020 Welcome to podcast 4 of the Security Box. On this show, we’ve got one main topic, a very interesting talk by Shaun Everess about a big time breach which effects GPS, news, notes, and more!
podcast 3: (169.26mb) July 29, 2020 Welcome to the Security Box, podcast 3. We really only have one main topic here. We also include news, notes, and other things in passing. We talk about the CHildren’s Online Privacy Protection Act which is the main topic. We also learn in this podcast that TikTok is not following this law which is known differently in different countries. Things to ponder, questions, comments and more are in this podcast as wll.
podcast 2: (162.52mb July 22, 2020 Welcome to the security box, podcast 2. On this podcast, Twitter takes center stage as it suffered a very interesting security problem they need to solve. People have said it was a big time breach, but as you’ll soon find out, unless you read the tech blog, there is more to the breach. Yes, accounts got breached, but we know there is other info. Articles are listed here for you to review. Besides that, find out about a big time breach article which was a two year look at many different breaches within a two year period. Also, find out about a piece of malware making a huge return on how it can’t! be trackable now a days and what the threat actors are up to.
podcast 1: (166.30mb) July 15, 2020 Welcome to the security box, podcast 1. While we’re playing a wide variety of music, the music will not be part of the notations. We’re only going to link to things talked about as part of the show itself. The show will be part of the Tech podcast series, but hosted through the independent channel of the suite of servers. I hope that you’ll be enlightened by the discussion, and I encourage discussion. If listening through the podcast itself, contact me through my tech address used through the tech podcast. Mix listeners can contact me through the contact the DJ’s page of the mix. On this first podcast, we talk about the Dark Web. We also talk about the comercialization of the target breach. There are more items, but these are two of them. Not everything will be linked, listen to the podcast for more! Thanks for listening!

Comments (0)

911 proxy is back, new name: cloud router: still dangerous

This is the post that Brian Krebs put out on Mastodon that caught my attention. You can also search proxy911 for coverage as we put this out on TSB specificly.

BrianKrebs: In July 2022 I published a deep dive into the history of 911 (911s5), a proxy service that had existed for 10 years and was enabling a ridiculous amount of cybercrime and abuse. They built their network mainly by surreptitiously bundling their proxy with other software.

https://krebsonsecurity.com/2022/07/a-deep-dive-into-the-residential-proxy-service-911/

A little over a week later, 911 imploded, saying they’d breached and that someone had wiped all their servers — including user information.

https://krebsonsecurity.com/2022/07/911-proxy-service-implodes-after-disclosing-breach/

Now spur.us, which monitors proxy services, says 911 has officially resurrected itself under a new name — cloudrouter[.]io. Spur says Cloudrouter’s proxies are fed by users who install PaladinVPN, which makes it much more explicit that people running PaladinVPN are in fact agreeing to share their IP address with others.

Spur says 911 already has > 130,000 nodes worldwide. They installed PaladinVPN and then saw their IP pop up almost immediately for rent at Cloudrouter.

https://spur.us/cloudrouter-911-proxy-resurrected/

We talked about spur.us before, especially in this context, and I read the article linked here. CloudRouter: 911 Proxy Resurrected is the article.

We want people to know what’s going on, and it honestly doesn’t surprise me that news of this kind has come out.

Sometimes, we learn that they’re gone and hear nothing more, others like this, we hear that they’re still around.

This is going to get quite interesting, and I hope that people are aware of this new development. If they aren’t, they need to learn about this.

This is the first I’m hearing about it, under this new name anyway, and I hope there’s a way to get it shut down. This is one of these services that should be illegal. Hiding crap in your policies to hide the nature of your traffic should really be outlawed.

Until that happens, keep informed, and stay aware.

What to check out

First, search proxy 911 with spaces to get searches, but there might be some you want to check out.

This might be some, so searh proxy or proxy 911 and read what you want.

Let the fun continue!

Comments (0)

Sans news bites for February 2, 2024

Ivanti is back in the news more than once, Johnson Controls discloses costs of ransomware attack as less than if they paid the actors, Jenkins has 45,000 servers still not patched, the FBI disrupts a botnet, a 17-year-old was caught, will be convicted as an adult, and Git Lab patches another critical vulnerability.

Here’s a link to the February 2, 2024                                                     Vol. 26, Num. 09 newsletter.

Top of the news

  • Johnson Controls Discloses Ransomware Breach Costs in SEC Filing
  • CISA Orders Federal Agencies to Disconnect Ivanti VPNs
  • FBI Director Wray Testifies at House Committee Hearing

The Rest of the news

  • 45,000 Jenkins Servers Remain Unpatched Against Critical Flaw
  • Ivanti Releases Patches, Discloses Two More Vulnerabilities
  • FBI Disrupts Botnet
  • CISA Urges Including Security in Development Process of SOHO Routers
  • Catching the Swatter
  • GitLab Patches Another Critical Vulnerability
  • Cyberattack Affecting IT Systems in Fulton County, Georgia
  • Juniper Releases Out-of-Cycle Advisory to Assign CVEs to Vulnerabilities
  • Leaked GitHub Token Exposes Mercedes Source Code

We covered the Mercedes last week, but they may have future updates besides what we covered.

If you read the newsletter, let me know what you think. I’m interested in your thoughts.

Comments (0)

Sans News Bites for January 30, 2024: lots of news and convictions too

Sans news bites was quite interesting today. Several of the items talk about arrests, and we love arrests and convictions. These are more convictions than arrests, but they were good.

Microsoft also got handed to as well with their recent breach of email, 23 and not me gets slapped in this newsletter, and Ivanti missed their patch day because they want to get it right.

Top of the news

Here’s what the items were at the top of the news.

  • Microsoft Provides Details About eMail Breach
  • Additional Information About the 23andMe Breach
  • Ivanti Acknowledges Missed Patch Deadline

As for the Microsoft Fiasco, they write:

Microsoft has released additional information about the breach that compromised executives’ emails. The intruders accessed the corporate email system through an old test account that had admin privileges but was not protected by multifactor authentication.

If I were to set up a test account like I’ve done in my early development days, I deleted them after I was done. I hope they learn from this.

As for 23 and not me, stop me if you’ve read something like this before in past blogs. Sans writes:

In a breach notification letter recently filed with regulators, 23andMe disclosed that intruders were accessing customer accounts for about five months before the situation was detected. From April through September of last year, the intruders brute-forced user accounts, stealing both raw genomic and health data.

One of their editors may be saying what I think we said on TSB. They wrote:

Five months to detect a breach that affected 50% of users is not ideal. Subsequently updating terms of service to prevent filing of class action lawsuits, even less so. Make sure that you’re going beyond tabletop exercises to ensure that you can detect intrusions in a timely fashion. Make sure that you’ve got updated scenarios in your incident response plans that reflect your current architecture and services. Lastly, make sure key stakeholders are onboard, including legal, HR, C-Level and the board. You all need to be operating from the same sheet of music when it goes sideways.

I don’t remember if we talked about the terms of service but the fact they did that with no communication with their “customers” (in quotes) should be problematic among itself.

Since the attack seems to be brute forced. One of the editors wrote about that in their comments.

Ivanti has acknowledged that it missed a self-imposed deadline for releasing patches for several vulnerabilities that are being actively exploited. Initially, Ivanti planned to begin releasing fixes for the flaws on January 2; an updated advisory cites “the security and quality of” the fixes as the reasons for the delay.

I’m glad that they are taking their time but the KEV now says that people should remove the software or get the mitigations in place.


The rest of the news

Here are the rest of the news items. As stated, several convictions.

  • Freehold Township (NJ) Schools Closed Due to Cyberattack
  • Ransomware Attack Disrupts Kansas City Transportation Communications
  • Patch Jenkins Vulnerability Now
  • Schneider Electric Suffers Ransomware Attack
  • Swatting Arrest
  • Prison Sentence for Ransomware Operator
  • 64-Month Prison Sentence for Trickbot Developer

Here’s what they say for the electric company.

Ransomware operators have reportedly targeted systems at Schneider Electric’s Sustainability Division. The attack, which occurred in mid-January, resulted in the theft of terabytes of data. The incident has caused disruptions for Schneider’s Resource Advisor cloud platform.

This is what they have to say about the ransomware operator. They write:

A Canadian court has sentenced Matthew Philbert to two years in prison for launching ransomware and other cyberattacks. Philbert was arrested in 2021, and pleaded guilty to fraud and unauthorized access to computers in October 2023.

Only two years for running a ransomware group? I think that’s crap.

As for the 64 months, they write:

A US court has sentenced Vladimir Dunaev to more than five years in prison for his role in the development of the Trickbot malware. The malware has been used to disrupt systems at hospitals and other businesses in the US. Dunaev, who is a Russian citizen, was extradited to the US from South Korea in 2021. He pleaded guilty to conspiracy to commit computer fraud and conspiracy to commit wire fraud in November.

Good job, hopefully you’ll find a better job.


There are other items that I have not covered here, but you can read more about them.

After all these, there’s an internet storm center that covers other stuff. Feel free to take a look at it.

Here’s the link to the Sans News bites for January 30, 2024 and make it a great day!

Comments (0)

Iran hits Pennsylvania water fascility

We should probably not be surprised about this development, but something that other fascilities must be aware of.

The article we’re referring to is coming from Cyberscoop and has been recently written.

U.S. officials are investigating an incident at a Pennsylvania water utility after hackers linked to Iran’s Islamic Revolutionary Guard Corps — who have a history of making exaggerated and false claims about their hacking exploits — breached a device at a remote water station.

It isn’t surprising if we hear that some groups boast about their exploits even if it is found they were not responsible for the attack. This is why we just report what we hear but I also say in my remarks that we will eventually see what is the story and that we’ll keep an ear on it and we’ll update if we find out something else has changed.

This might be more credible though, as the second article says:

The hackers, who call themselves the “Cyber Av3ngers,” were able to gain control of at least one device at the Municipal Water Authority of Aliquippa, Pa. The hackers breached a remote water station that regulates pressure for two townships with a population of just over 7,000 people.

Robert Bible is the General Manager of the fascility and he indicates that while there could have been an issue, it didn’t affect the every day use of water by people in the towns that were affected by the hack.

The article does talk about how some things have had to be changed to be ran in manual mode instead of automated, and the reporting here seems sound.

I’ll say this, if the whole thing is true, this is a wakeup call for other companies, and they must learn what went wrong if possible and make sure they are as secure as possible.

The article is titled Pennsylvania water facility hit by Iran-linked hackers and I know of at least one in the state that might find this interesting.

Make it a great day!

Comments (0)

LinkedIn hack: You need to check your LinkedIn account

TThis appeared first on tech vi.
I signin with everything tthrough my google to avoid some of this.
Nothing sensitive is posted in my linked in but yeah there are bad acters about.
Stay safe and frosty.
gHacks Technology News – Wednesday, August 16, 2023 at 8:45 AM

LinkedIn hack: You need to check your LinkedIn account

If you want to understand the ongoing LinkedIn hack easily, picture this:
profiles locked, passwords changed, and the unsettling realization that
unseen hands have infiltrated your professional realm. The battleground is
set, and users are grappling to regain control.

Do these appear as though they’ve emerged from a cinematic masterpiece?
Regrettably, this isn’t a scene from a film; it’s just a new day in 2023.

LinkedIn hack: How hackers are exploiting LinkedIn accounts
>

In a concerning development, a surge of account breaches has engulfed
LinkedIn, the professional networking platform. Users are grappling with
unauthorized access and the subsequent hijacking of their profiles by
cybercriminals. As the scale of these attacks grows, many find themselves
locked out of their accounts or coerced into paying ransom for control
restoration. Despite mounting complaints and frustrations, LinkedIn’s
support seems to be struggling to provide adequate assistance for now.

Cybersecurity firm
Cyberint
has shed light on the alarming tactics employed by these attackers. Leaked
credentials and brute-force techniques have become the weapons of choice,
allowing hackers to compromise a substantial number of LinkedIn accounts.
Those with weak security measures, such as easily guessed passwords or lack
of two-factor authentication, are particularly susceptible.

Yesterday night my LinkedIn
@LinkedIn
@LinkedInHelp account
https://t.co/V8R62WvDr5 is hacked.

I received 2 emails from your end at end at night 1.56am and 3.42 am and I
was sleeping.

Someone has changed email ID.

Can you help me recover this.

— Revolutionary Raja Ram for Tax & Economic Reforms (@abhishekrajaram)
August 16,
2023

LinkedIn is implementing temporary locks for accounts demonstrating strong
security as a preventive measure against multiple takeover attempts.
Locked-out users must navigate an intricate process to verify ownership and
reset their passwords before account access is restored. However, the
situation worsens for victims whose accounts fall prey to hackers.

Upon successfully infiltrating an account, attackers quickly alter the
linked email address to one from the “rambler.ru” domain, subsequently
changing the account password. This leaves the original account owners
locked out and vulnerable to further exploitation. In several cases, hackers
have gone a step further, imposing two-factor authentication to impede
victims’ attempts at account recovery.

As complaints mount and frustration grows, users have taken to social media
platforms, including Reddit, Twitter, and Microsoft forums, to voice their
dismay at LinkedIn’s lackluster support response. The absence of timely
assistance has left victims feeling powerless in their efforts to regain
control of their accounts.

What LinkedIn users should do now

As the threat of account breaches looms large, LinkedIn users must take
immediate action to safeguard their profiles and personal information.

Here’s what you should do:

  • Review and strengthen security measures: Review your account settings
    to ensure you have a strong password. Consider using a combination of
    uppercase and lowercase letters, numbers, and special characters. If you
    haven’t already, activate two-factor authentication (2FA) for an extra layer
    of security.
  • Change passwords: If you suspect your account might have been
    compromised or you haven’t updated your password recently, change it
    immediately. Avoid using the same password for multiple accounts.
  • Monitor account activity: Regularly review your account activity for
    any suspicious or unauthorized actions. Report any anomalies to LinkedIn’s
    support.
  • Stay vigilant against phishing: Be cautious of unsolicited messages or
    emails requesting personal information or login credentials. Hackers often
    employ phishing tactics to trick users into divulging sensitive data.
  • Verify email addresses: Ensure that the email address associated with
    your LinkedIn account is correct and up-to-date. This can prevent attackers
    from using “rambler.ru” or other unfamiliar domains to take control of your
    account.
  • Regularly update information: Keep your account information accurate
    and current. This can aid in account recovery and verification processes.
  • Report suspicious activity: If you encounter any suspicious behavior
    on your account or believe you have fallen victim to an attack, report it
    immediately to LinkedIn’s support team.

For users caught in the crossfire, regaining access to their accounts has
become a complex journey. Owners of locked accounts must navigate identity
verification and password updates.

In light of these concerning developments, LinkedIn users must prioritize
their account security. By implementing these proactive measures,
individuals can reduce their vulnerability to potential breaches and
maintain a safer online presence.

Thank you for being a Ghacks reader. The post LinkedIn hack: You need to
check your LinkedIn
account
appeared first on gHacks Technology News.

Comments (0)

Mac encryptor, here we come with Lockbit having a hand at first dibs

Hello folks,

Last night, I read an article through Databreaches.net titled LockBit ransomware gang appears to be targeting Macs for the first time which was quite interesting.

While this may be a start, this may be something Mac users may need to watch. This bleeping computer article that was boosted through Brian Krebs that I recently read goes in to a lot more detail than databreaches. I appreciate databreaches and what they’re doing, maybe we can find out about things that others don’t cover.

With that said, this article is titled LockBit ransomware encryptors found targeting Mac devices and was just as interesting.

This is going to be one that if it is in early development now, I’d hate to see what it could really do.

The thing is, at the bottom of the article, the public facing person working for lock bit did say that this was in active development.

Several Windows files and extensions are excluded from being encrypted just like in the Windows and other versions that are out there.

You are welcome to read both of these articles and decide how you want to proceed. This is going to be big if it ends up being powerful and destructive.

Thank you Malware Hunter Team for finding this, and for Virus Total for doing what you should be doing, letting research like this take place.

Maybe Kuwait needs to learn from articles like these.

blog post

If they learn that research like this and allowing people to talk about Cybersecurity is a good thing, they’ll change their mind on going after others who are trying to do the right thing.

Let us know what you think of these developments. This is still developing, and nothing is out to be a problem with the public as of yet. It may still be a prototype for now, but I suggest it’ll change and change soon.

Here is the boost from Brian Krebs if you’d like to see it.

BrianKrebs: Boosting Brett Callow (brett): Update 4/16/23: In response to questions from BleepingComputer, the public-facing representative of #LockBit, known as LockBitSupp, said that the Mac encryptor is “actively being developed.” #ransomware
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-encryptors-found-targeting-mac-devices/

The link is above, where i link to the article so I won’t link here.

Thanks for reading and make it a great day!

Comments (0)

Sans news bites for March 3, 2023

This Sans news bites is quite interesting. It does cover the Dishhhhhhh Network issues as we had it as of the 28th after all likE I thought they would.

There are other gems here too.

Top of the news

  • White House US National Cybersecurity Strategy Seeks to Shift Responsibility for Cybersecurity to Tech Companies
  • GitHub Secret Scanning is Now Available to Everyone
  • Booking.com Fixes OAuth Misconfiguration That Allowed Account Takeover

Three great top stories. Git Hub is one of the most popular repositories out there for development and collaberation. With that said, this secret scanning ordeal is something that I think we need to pass along to those who use this tool for development work.

It checks to make sure that passwords, usernames and other sensitive info is not in the repository. That’s a good thing!

As for the whitehouse security thing, the U.S. doesn’t even get it. We’ve been fighting this for too long, and a quote from our former president Clinton in 1998 was in this piece by the editors. This means that they’ve been trying to graple with this before it became a problem hasn’t gone anywhere.

The rest of the news

  • Good and Bad Data Breach Responses
  • Details of Dish Network Cybersecurity Incident Trickle Out
  • Cisco Updates Fix Flaws in Web UI of IP Phones
  • CISA Adds ZK Framework Flaw to Known Exploited Vulnerabilities Catalog
  • CISA Launches Free Tool to Help Map Attacker Activity to MITRE ATT&CK Framework
  • BlackLotus Bootkit Can Bypass Secure Boot on Windows 11
  • Recently Disclosed Health Sector Data Breaches

Item 7 is pretty bad, as healthcare is so underfunded and care of course is important. Actors know this and they’re going to continue to target places until this issue is slowed down.

As for the worst data breach responses, Lastpass is discussed as having one of the 5 worst responses after a breach. I do hope they learn from these incidents as I discussed on the last news bites I published. I kind of feel bad for them, but there are others who made similar mistakes.

Here is the newsletter for March 3, 2023 and let me know what you think.

Comments (0)

Sans News bites for February 17, 2023Sans News bites for February 17, 2023

I know I usually try to read these on Friday or Saturday and the Tuesday ones on Tuesday or Wednesday, but now is better than later for last Friday.

Lots of annotated news, some of which we’ve covered here on the blog.

Top of the news

  • FAA Tells Senate Panel About New Procedures to Protect Against NOTAM Outages
  • Microsoft’s February Patch Tuesday Includes Three Zero-days
  • Cisco Updates Address ClamAV Vulnerability

The Clam AV story is interesting as its an antivirus engine. What I didn’t know is that it could be in products that we don’t know has it. That’s an interesting development, and why Cisco is pushing out the patch.

The patch Tuesday articles are here and we posted Krebs on Security’s and an article from Kim within that week. Others are in that list too.

As for the FAA issue, its going to get interesting. We know that lots of flights were grounded and I know it is a tricky issue so I’m not going to trash an agency who is trying to deal with something that has probably only happened once and its been working so well before hand.

The Rest of the news

  • Hyundai and Kia Release Software Updates to Prevent Auto Theft
  • Microsoft Update Removes Internet Explorer 11 from Most Versions of Windows 10
  • CommonSpirit Health Cyberattack Costs Top $150m to Date
  • Community Health Systems Discloses Breach That Affected Patient Data 
  • US Customs and Border Protection Can Now Read e-Passports
  • CISA Adds Five Vulnerabilities to Known Exploited Vulnerabilities Catalog

The Hyundai and Kia story was published through Kim Komando’s breaking news newsletter. While i don’t cover cars on a regular basis, people need to know what’s going on and I found what they had to write quite interesting.

The fact is, Social Media, especially TikTok, allow anything to be posted. Since they’re called challenges on TikTok, anyone will do anything they see on that platform. Maybe it isn’t so prevalent on Facebook and Twitter, but I bet these types of things do occur.

Its sad about the Community Health situation. If the 150 million is only a third of the total cost they’ve lost or had to pay, we have no real answers. We know mistakes occur, but breaches in this magnitude are only going to increase and I suppose, the cost as well.

As for Microsoft removing Internet Explorer, yeah! Its out of date and probably has more bugs in it than it trying to keep up with the times. Edge using Chromium is probably people’s best bet as well as trying applications like firefox, chrome itself or even brave.

I understand brave is accessible and searching brave browser may come up with the right web site. I don’t have a URL on it, but be careful searching as actors may try to get you to click.

Want to read the newsletter? Here is the link to the February 17, 2023 newsletter for those who want to read it.

Stay safe!

Comments (0)

What’s been posted on EMHS, posting cutoff 1500 hours January 17, 2023 Pacific time

Hello folks,

Welcome to another posting of what’s been posted to EMHS’s resources page. Here, you can find terms, books of interest, articles from around the landscape talking about breaches and scams, and companies and services that are out there to protect you or teach you.

We’ve got quite a bit to cover, so let’s get started!


Terms

There are two new terms. One which is part of the current podcast, and one added after a big time breach which will be talked about as part of the current podcast.

Itteration may be a little confusing for you. It is more of a math term, but it is talked about in computing, so please read that section of the page. If someone finds a better page, please pass it along!


Blog Posts

The big news besides Lastpass’s continuing saga which they hope will go away is the Norton Breach. It leads our coverage for this week.

I may duplicate here, as several were on the 9th and may have been posted, but its OK. I’d rather duplicate and make sure I got everything than not at all. Sorry for any duplication!


Companies and services

There are no new companies and services to add. If you know of one that we’re missing, please let us know!


<

Books

There are no new books we’ve found this time.


Podcasts

We posted TSB, podcast 126 on Wednesday, if you missed it, we urge you to check it out. We normally post it the same day its taped, so check the page or the blog within one day. Hope you find it of interest!


EMHS’s web site

Here is the link to email host security. Please note, we’re not looking for any web hosting or web development. The JRN does all of that work, as it is constantly getting updated with things we find. No outside company will want to do this, I’m sure. Check out the resources page from the linked page for all of our resources we’ve found to keep you safe from phishing and the landscape.

Thanks for reading, and enjoy your learning!

Comments (0)

Older Posts »

go to sections menu


navigation menu

go to sections menu